Custom SAML & SCIM Integration
Customer IT / SpaceIQ Onboarding Team
SpaceIQ (SiQ) offers a number of Third-party Integration Applications that let customers integrate employee provisioning and authentication using the industry-standard SAML (SSO) and SCIM protocols.
While many of the leading Third-party Providers have been already pre-integrated with the SiQ Web app, there are other vendors whose platforms are not yet formally integrated.
The Custom SAML and SCIM integration allows providers without a pre-integration process to integrate through SAML and SCIM into SiQ as long as their specific vendor’s platform supports a common “custom integration” feature.
The following provisioning features are supported:
- Single Sign-On via SAML
- Push New Users (SCIM 2.0)
  - New users created through the Custom IDP will also be created in the SpaceIQ application.
- Push Profile Updates (SCIM 2.0)
  - Updates made to a user's profile through the Custom IDP will be pushed to the SpaceIQ application.
- Push User Deactivation (SCIM 2.0)
  - Deactivating the user or disabling the user's access to the application through the Custom IDP will delete the user in the SpaceIQ application. Note: For this application, deactivating a user means removing all of the user's data and removing the user's account.
This article describes how to configure the Custom SAML & SCIM integration for SiQ.
Contents
- Prerequisites
- Integration Activities
- Step 1. Activate the SiQ Integration in SiQ
- Step 2. Enable Provisioning in the Third-party Provider
- Troubleshooting Tips
Prerequisites
Before you configure SCIM-based provisioning for SiQ, make sure you are familiar with how SCIM-based provisioning works.
You will need admin privileges in the Third-party Provider to complete this integration, and for the SiQ setup you must have the SiQ Admin or IT role.
Integration Activities
Step 1. Activate the SiQ Integration in SiQ
From the SiQ Web App, complete the following:
- Click your Profile Name in the top right corner.
- Click Settings. The Settings screen displays.
- From the left menu, click Integrations.
- From the Third Party Integrations area, click the READ MORE link. The Integrations screen displays.
You can either search for Custom SAML & SCIM in the Search field or navigate to the Custom SAML & SCIM tile. To navigate, complete the following:
- From the left menu, click Provisioning & SSO.
- For Custom SAML & SCIM, click the Activate button.
The Custom SAML & SCIM dialog displays and it contains a Provisioning tab and an SSO tab.
Provisioning Tab
This is where the SCIM Bearer Token is found.
SSO Tab
From the SSO tab, complete the following:
- In the SAML Identity Provider Issuer URL field, paste the Issuer URL copied from the Third-Party Provider.
- In the X.509 Certificate field, paste the certificate you downloaded from the Third-Party Provider.
- Click the Activate button.
- Click the active Custom SAML & SCIM. The Custom SAML & SCIM dialog displays the following details, which can be copied into your Third-party SSO Provider Admin Console.
- Copy the SAML CallBack Endpoint URL and paste it into the Single Sign On URL field in the Third-party SSO Provider Admin Console.
- Copy the SAML Audience URL and paste it into the SP Entity ID field in the Third-party SSO Provider Admin Console.
- Optional: In the SSO Provider Portal URL field, enter the application home URL so that users are redirected back to the SSO Provider marketplace after logout.
- Optional: In the SSO Redirect URL (SiQ Portal) field, enter the SSO redirect URL so that users coming from the SiQ Portal are automatically authenticated using SSO.
- To save the details, click the Activate button.
Step 2. Enable Provisioning in the Third-party Provider
Return to the SiQ Web App and complete the following:
- Click the active Custom SAML & SCIM. The Custom SAML & SCIM dialog displays.
- From the SCIM Bearer Token field, click the Copy icon.
From the Third-party Provider, complete the following:
- Enable the automatic provisioning by following the IdP (Identity Provider) documentation.
- Add the SCIM Bearer Token.
Troubleshooting Tips
Users without a First Name, Last Name, or Department in their SiQ profiles cannot be imported as new users.
If a department also has teams (sub-departments), SiQ expects the Organizations/Divisions that carry the top-level organization and department details to also contain the Team Name. For example:
Organization: Engineering with Department: QA
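The SCIM pushes listed at the top of this article and the import constraints in the troubleshooting note, as an added example that is not part of the article or SpaceIQ's own code: a pre-flight check for the attributes SiQ requires on a SCIM 2.0 User, plus a builder for the create, update and deactivate requests an IdP would send. The SCIM base URL, bearer token, user id and the use of PUT for profile updates are assumptions; the real endpoint and token come from the Custom SAML & SCIM dialog.

```python
# Added example (not SpaceIQ code): pre-flight check plus request builder
# for SCIM 2.0 pushes to SiQ. Base URL, token and user id are placeholders.
import json

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


def missing_siq_fields(user: dict) -> list:
    """Return the SiQ-required attributes this SCIM User lacks: per the
    troubleshooting note, no First Name, Last Name or Department means
    the user cannot be imported."""
    missing = []
    name = user.get("name") or {}
    if not name.get("givenName"):
        missing.append("name.givenName")
    if not name.get("familyName"):
        missing.append("name.familyName")
    if not (user.get(ENTERPRISE) or {}).get("department"):
        missing.append(f"{ENTERPRISE}:department")
    return missing


def build_request(op: str, user: dict, token: str, base_url: str) -> dict:
    """Build the HTTP request an IdP sends for create/update/deactivate.
    PUT for profile updates is an assumption; deactivation maps to DELETE
    because the article says it removes the SiQ account and its data."""
    if op in ("create", "update") and (missing := missing_siq_fields(user)):
        raise ValueError(f"SiQ cannot import this user; missing: {missing}")
    headers = {"Authorization": f"Bearer {token}",  # treat token as a secret
               "Content-Type": "application/scim+json"}
    if op == "create":
        return {"method": "POST", "url": f"{base_url}/Users",
                "headers": headers, "body": json.dumps(user)}
    if op == "update":
        return {"method": "PUT", "url": f"{base_url}/Users/{user['id']}",
                "headers": headers, "body": json.dumps(user)}
    if op == "deactivate":
        return {"method": "DELETE", "url": f"{base_url}/Users/{user['id']}",
                "headers": headers, "body": None}
    raise ValueError(f"unknown op {op!r}")


# Constructed sample user with placeholder values, not real SiQ data.
SAMPLE_USER = {
    "schemas": [CORE, ENTERPRISE],
    "id": "placeholder-user-id", "userName": "jdoe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe"}, "active": True,
    ENTERPRISE: {"organization": "Engineering", "department": "QA"},
}
```

Run the check against the user records your IdP is about to push; any user it flags would fail import in SiQ rather than fail silently later.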
For more details, refer to:
- Employee Attribute Mapping, for SiQ attribute mapping.
- System for Cross-domain Identity Management: Core Schema, for the SCIM schema.